Lucene search
K

77 matches found

CNVD
CNVD
added 2021/02/23 12:0 a.m.11 views

OwnCloud has an unspecified vulnerability

Owncloud ownCloud is a set of personal cloud storage solutions from the American company ownCloud Owncloud. A security vulnerability exists in versions of OwnCloud prior to 0.15.2, which originates when a user creates a public link to a folder where an anonymous user uploads a file, and another...

5.7CVSS6.6AI score0.00797EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/09 12:0 a.m.8 views

Owncloud 安全漏洞

Owncloud ownCloud is a set of personal cloud storage solutions from the American company ownCloud Owncloud. A security vulnerability exists in versions of OwnCloud prior to 0.15.2, which originates when a user creates a public link to a folder where an anonymous user uploads a file, and another...

5.7CVSS6.2AI score0.00797EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/29 12:0 a.m.7 views

ownCloud Error Page Cross-Site Scripting Vulnerability

ownCloud is the open source file synchronization and sharing solution. A cross-site scripting vulnerability exists in ownCloud, which can be exploited by remote attackers to construct malicious URIs and trick users into parsing them, which can be used to obtain sensitive cookies, hijack sessions,...

6.1CVSS6.3AI score0.012EPSS
Exploits0References1
OSV
OSV
added 2017/03/28 2:59 a.m.11 views

CVE-2016-9467

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to displa...

5.3CVSS6.5AI score
Exploits0References11
OSV
OSV
added 2017/03/28 2:59 a.m.8 views

CVE-2016-9465

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...

5.4CVSS5.1AI score
Exploits0References6
OSV
OSV
added 2017/03/28 2:59 a.m.10 views

CVE-2016-9459

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment...

6.1CVSS6.2AI score
Exploits0References8
OSV
OSV
added 2016/01/08 9:59 p.m.8 views

CVE-2016-1500

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "fileversions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belongi...

3.1CVSS4.6AI score
Exploits0References1
CNVD
CNVD
added 2016/01/08 12:0 a.m.7 views

ownCloud Arbitrary File Read Vulnerability

OwnCloud is a free and open source personal cloud storage solution from German company OwnCloud. The solution offers file management, music storage, calendars and more. A security vulnerability exists in ownCloud. A remote attacker can exploit the vulnerability to read arbitrary files in the...

4.9CVSS6.9AI score0.0144EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/11/05 12:0 a.m.8 views

The vulnerability of the web application for data synchronization with ownCloud allows a hacker to circumvent existing access restrictions and gain access to users’ files.

The vulnerability of the virtual file system of the web application for data synchronization with ownCloud is related to the lack of data validation during data retrieval. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions and gain access to user files b...

4CVSS5.5AI score0.01201EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2015/09/27 12:0 a.m.6 views

ownCloud Information Disclosure Vulnerability (CNVD-2015-06359)

ownCloud is an open source personal cloud storage solution. An information disclosure vulnerability exists in ownCloud, allowing remote attackers to exploit the vulnerability to obtain sensitive information...

7.5CVSS6.3AI score0.02627EPSS
Exploits0References1
CNVD
CNVD
added 2015/02/05 12:0 a.m.7 views

ownCloud 'OC_Util::getUrlContent()' Local Information Disclosure Vulnerability

ownCloud is a free and open source personal cloud storage solution created by German KDE developer Frank Karlitschek. The solution offers file management, music storage, calendars, and more. A local information disclosure vulnerability exists in ownCloud 'OCUtil::getUrlContent', which allows...

5CVSS5.9AI score0.01186EPSS
Exploits0References1
CNVD
CNVD
added 2015/02/05 12:0 a.m.5 views

ownCloud Server Authentication Vulnerability

ownCloud is a free and open source personal cloud storage solution created by German KDE developer Frank Karlitschek. The solution offers file management, music storage, calendars, and more. A security vulnerability exists in ownCloud Server due to the FTP backend "userexternal" failing to provid...

5CVSS7.1AI score0.01859EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2014/06/04 2:55 p.m.7 views

CVE-2013-0204

settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings...

4.6CVSS6.1AI score0.00897EPSS
Exploits0References3
CVE
CVE
added 2014/06/04 2:0 p.m.65 views

CVE-2013-0204

CVE-2013-0204 affects ownCloud 4.5.x before 4.5.6. A vulnerability in settings/personal.php allows an authenticated remote user to execute arbitrary PHP code via crafted mount point settings, enabling remote code execution. The issue is documented in the official ownCloud advisory OC-SA-2013-002,...

4.6CVSS6.5AI score0.00897EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2014/03/14 4:55 p.m.26 views

UBUNTU-CVE-2013-2048

ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands...

6.5CVSS6.1AI score0.01632EPSS
Exploits0References3
OSV
OSV
added 2014/03/14 4:55 p.m.29 views

UBUNTU-CVE-2013-2086

The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file...

5CVSS5.8AI score0.01799EPSS
Exploits0References3
OwnCloud
OwnCloud
added 2012/07/10 11:42 a.m.47 views

Server: User enumeration

apps/calendar/appinfo/remote.php and apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...

4CVSS6AI score0.01797EPSS
Exploits1Affected Software1
Rows per page
Query Builder